Tripwire Patch Priority Index for March 2024

Tripwire’s March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple.

First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free, out of bounds memory access, and inappropriate implementation vulnerabilities.

Next on the patch priority list this month is a patch for Microsoft Office that resolves an elevation of privilege vulnerabilities.

Next are patches that affect components of the core Windows operating system. These patches resolve over 40 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, NTFS, UAS Protocol, Cloud Files Mini Filter Driver, ODBC Driver, Defender, Kerberos, and others.

Next up are patches for .NET, Visual Studio Code, and Azure Data Studio that resolve 2 elevation of privilege and 1 denial of service vulnerabilities.

Lastly, administrators should focus on server-side patches for Exchange Server, Dynamics, SharePoint, Hyper-V and Microsoft Django Backend for SQL Server. These patches several issues including remote code execution, cross-site scripting, and denial of service vulnerabilities.